The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1167 advisory.

    - [arm64] arm64/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896     1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [s390] s390/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001     1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [powerpc] powerpc/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896     1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [powerpc] powerpc/64: Disable the speculation barrier from the command line (Josh Poimboeuf) [1698809     1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add 'mitigations=' support for MDS (Josh Poimboeuf) [1698809 1698896 1699001     1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001     1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [kernel] cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [1698809 1698896 1699001     1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Josh Poimboeuf) [1698809     1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Fix comment (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360     1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [1698809 1698896 1699001 1690338     1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf)     [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Josh Poimboeuf) [1698809 1698896 1699001     1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [documentation] Documentation: Add MDS vulnerability documentation (Josh Poimboeuf) [1698809 1698896     1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [documentation] Documentation: Move L1TF to separate directory (Josh Poimboeuf) [1698809 1698896 1699001     1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add mitigation mode VMWERV (Josh Poimboeuf) [1698809 1698896 1699001 1690338     1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add sysfs reporting for MDS (Josh Poimboeuf) [1698809 1698896 1699001 1690338     1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add mitigation control for MDS (Josh Poimboeuf) [1698809 1698896 1699001     1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Josh Poimboeuf) [1698809     1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Josh Poimboeuf) [1698809 1698896     1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Josh Poimboeuf) [1698809 1698896 1699001     1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Josh Poimboeuf) [1698809 1698896 1699001 1690338     1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Josh Poimboeuf) [1698809 1698896 1699001 1690338     1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360     1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Josh Poimboeuf) [1698809 1698896     1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation: Consolidate CPU whitelists (Josh Poimboeuf) [1698809 1698896 1699001 1690338     1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/msr-index: Cleanup bit defines (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360     1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/speculation: Cast ~SPEC_CTRL_STIBP atomic value to int (Josh Poimboeuf) [1698809 1698896     1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}
    - [x86] x86/cpu: Sanitize FAM6_ATOM naming (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360     1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}     file (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360 1690351] {CVE-2018-12130 CVE-2018-12127     CVE-2018-12126}
    - [tools] tools include: Adopt linux/bits.h (Josh Poimboeuf) [1698809 1698896 1699001 1690338 1690360     1690351] {CVE-2018-12130 CVE-2018-12127 CVE-2018-12126}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 8 : kernel (ELSA-2019-1167)

medium Nessus Plugin ID 127583

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.9 Nov 2, 2024, 2:28 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202411020228
Version 1.8 Oct 23, 2024, 10:51 PM Detection (updated detection logic) Plugin metadata CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin Feed: 202410232251
Version 1.7 May 27, 2024, 11:42 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202405271142
Version 1.6 Dec 6, 2022, 6:51 PM Reference Plugin Feed: 202212061851